Earlier this year, hackers tampered with software created by a cyber security company that you may not have heard of. The intrusion led to a large-scale malware campaign that is now underway and affects U.S. federal agencies as well as governments around the world, according to security agencies and news reports.
The hacked company, SolarWinds, sells software that allows an organization to see what’s happening on its computer network. The hackers inserted malicious code into an updated version of the software, called Orion. About 18,000 SolarWinds customers installed the tainted updates on their systems, the company said.
The compromised update process has had a broad impact, the scale of which continues to grow as new information emerges. Based on newspaper reports, company statements, and analysis from other security companies, a Russian intelligence agency reportedly carried out a sophisticated attack that targeted several U.S. federal agencies and private companies, including Microsoft.
President Donald Trump floated the idea on Twitter on Saturday that China may be behind the attack. Trump, who did not provide evidence to support the suggestion of China’s involvement, tagged Secretary of State Mike Pompeo, who earlier said in a radio interview that “we can clearly say that they were Russians engaged in this activity.”
U.S. national security agencies issued a joint statement Wednesday acknowledging a “significant and ongoing hacking campaign” affecting the federal government. It is still unclear how many agencies are affected or what information hackers have stolen so far, but by all accounts the malware is extremely powerful. According to analysis by Microsoft and security firm FireEye, both of which were also infected with the malware, it gives hackers broad access to the affected systems.
On Thursday, Politico reported that systems at the Department of Energy and the National Nuclear Security Administration have also been affected. Also on Thursday, Microsoft said it had identified more than 40 customers that were targeted in the hack. More information about the hack and its outcome is likely to come out. Here’s what you need to know about the SolarWinds hack:
How did hackers sneak malware into a software update?
The company explained in a filing to the SEC that the hackers succeeded in gaining access to the system that SolarWinds uses to put together updates to its Orion product. From there, they inserted malicious code into otherwise legitimate software updates. This is known as a supply chain attack, as it infects software while it is being assembled.
It’s a big coup for hackers to pull off a supply-chain attack, as it packages their malware inside a trusted piece of software. Instead of tricking individual targets into downloading infected software through phishing campaigns, the hackers could rely on many government agencies and companies to install the Orion update at the behest of SolarWinds.
The approach is particularly powerful in this case as thousands of companies and government agencies around the world reportedly use Orion software. With the release of the tainted software update, SolarWinds’ vast customer list became a set of potential hacking targets.
Which government agencies were infected with malware?
According to Reuters, The Washington Post and The Wall Street Journal, the Homeland Security, State, Commerce and Treasury departments as well as the National Institutes of Health were affected. Politico reported on Thursday that U.S. nuclear programs run by the Department of Energy and the National Nuclear Security Administration have also been targeted.
It is not yet clear what information from federal agencies, if any, was stolen, but the amount of access appears to be extensive.
Although the Department of Energy and the Department of Commerce have acknowledged the hacks to news sources, there is no official confirmation that other specific federal agencies have been hacked. However, the U.S. Cybersecurity and Infrastructure Security Agency urged federal agencies to mitigate the malware, noting that it was “currently being exploited by malicious actors.”
In a statement on Thursday, President-elect Joe Biden said his administration would “prioritize dealing with this breach from the moment we take office.”
Why is the hack a big deal?
In addition to gaining access to many government systems, the hackers turned a run-of-the-mill software update into a weapon. That weapon was pointed at thousands of groups, not just the agencies and companies that the hackers focused on after they installed the tainted Orion update.
Brad Smith, president of Microsoft, called it a “negligence act” in a lengthy blog post exploring the hack’s ramifications. He did not directly attribute the hack to Russia, but described its previous alleged hacking campaigns as evidence of an increasingly prolific cyber conflict.
“This is not just an attack on specific targets, but on the world’s crucial structured trust and credibility to advance a country’s intelligence agency,” Smith said. He called for an international agreement to limit the production of hacking tools that undermine global cyber security.
Former Facebook cybersecurity chief Alex Stamos said on Twitter that the hack could lead to supply-chain attacks becoming more common. However, he questioned whether the hack was anything out of the ordinary for a well-resourced intelligence agency.
“So far, all the activities discussed in public have come within the limits of what the U.S. regularly does,” Stamos said.
Were private companies or other governments hit by malware?
Yes. Microsoft on Thursday confirmed that it had found indicators of the malware in its systems, after confirming several days earlier that the breach was affecting customers of its cybersecurity services. A Reuters report also said that Microsoft’s own systems were used to carry out the hacking campaign, but Microsoft denied the allegations to news agencies. On Wednesday, the company began quarantining versions of Orion containing the malware, to cut hackers off from its customers’ systems.
FireEye also confirmed last week that it had been infected with the malware and was also seeing infections in customer systems.
On Monday, The Wall Street Journal said it had found at least 24 companies that had installed the malicious software. These include tech companies Cisco, Intel, Nvidia, VMware and Belkin, according to the Journal. The hackers also had access to the California Department of State Hospitals and Kent State University.
It is not clear which of the other private sector customers of SolarWinds are infected with the malware. The company’s customer list includes large corporations such as AT&T, Procter & Gamble and McDonald’s. The company also counts governments and private companies around the world as customers. FireEye says many of those customers were infected.
What do we know about Russian involvement in the hack?
Unnamed U.S. government officials have reportedly told news outlets that a hacking group, believed to be a Russian intelligence agency, is responsible for the malware campaign. SolarWinds, cybersecurity companies and U.S. government statements have attributed the hack to “nation-state actors,” but have not named the country directly.
In a statement on Facebook, the Russian embassy in the U.S. has denied responsibility for the SolarWinds hacking operation. “The malicious activities taking place in the information space contradict our understanding of Russian foreign policy principles, national interests and interstate relations,” the embassy said. “Russia does not commit abusive acts in the cyber domain.”
Nicknamed APT29 or Cozy Bear, the hacking group named by news reports has previously been accused of targeting email systems at the State Department and the White House during President Barack Obama’s administration. It was also named by U.S. intelligence agencies as a group that infiltrated email systems at the Democratic National Committee in 2015, but Cozy Bear is not held responsible for the leaks. (Another Russian agency was found guilty.)
Recently, the U.S., U.K. and Canada have blamed the group for hacking attempts to access information about COVID-19 vaccine research.